Re: Building network

2009/8/6 Jack Knowlton <jknowlton@xxxxxxxx>:
> On Thu, August 6, 2009 12:10 pm, Makara wrote:
>> Hi Jack,
>>
>> Would you mind drawing out your idea and network diagram so that we can
>> understand it well?
>>
>> Example:
>>
>>  {ISP}----------(eth0)-{Debian}-(eth1)--{Switch}----{server2}
>>                                                         |        \
>>                                                     {server 2} {LAN}
>> you would like ......
>>
>>
>>
>> On Thu, Aug 6, 2009 at 2:55 PM, Jack Knowlton <jknowlton@xxxxxxxx> wrote:
>>
>>> Hi all.
>>> I have just switched to a new DSL provider and I need some serious help
>>> re-building my iptables/routing setup for the new connection.
>>> The ISP now provides me with a /29 subnet that I want to use for some of
>>> the computers on my LAN.
>>>
>>> The access device, a DSL bridge, is attached to the debian routing box
>>> (currently with 2 interfaces). According to the ISP tech department (they
>>> are referring to a standard soho router) I have to set the internal (LAN)
>>> interface to xxx.xxx.xxx.153 and the outside interface (WAN) will get the
>>> IP assigned by their DHCP. I then have 5 more IPs that I want to assign to
>>> different computers (static addressing - no internal DHCP needed).
>>>
>>> Since I want to host various servers, all of the computers that get public
>>> IPs will have to be accessible on whatever service they're hosting. In the
>>> case of the mailserver, the outgoing IP has to be the real one (and not
>>> the routing box's) because of rdns and dnsbl issues.
>>> Basically I think I do not need NAT. Unfortunately I have no idea how to
>>> implement that..
>>>
>>> Next: there's a bunch of wifi clients that connect to an internal AP. To
>>> be on the safe side I decided to keep the AP in a local LAN (10.0.1.0/24)
>>> and have the debian box do NAT for them.
>>> My idea would be to add a third network interface to the routing box and
>>> give it a local LAN address, then use a basic iptables setup to have it
>>> NAT for any local client that requests it.
>>>
>>> If someone has had some experience with this I would really appreciate
>>> some guidance with what I'm trying to set up.
>>> Regards,
>>>
>>> -JK
>>>
>>>
>
>
> Right :D
>                                             {server4}
>                                                 |
> {ISP}--{DSL-bridge}--(eth0)-{Debian}-(eth1)--{Switch}-(eth0)-{server2}-(eth1)
>                               |                 |                      |
>                            (eth2)             (eth0)-{server3}-(eth1)  |
>                               |                                   |    |
>                               \---------{switch2}----------------/----/
>                                             |
>                                            {AP}
>
>
> {Debian}
> ppp0: bridge interface (PPPoE via eth0)
> eth1: LAN with public IP interface (xxx.xxx.xxx.153)
> eth2: LAN with private IP interface (10.0.1.2)
>
> {server2}
> eth0: LAN with public IP (in /29 subnet)
> eth1: LAN with private IP (10.0.1.3)
>
> {server3}
> same as server2
>
> {AP}
> eth0: LAN with private IP (10.0.1.5)
>
This is a bit confusing to me .... you have multiple instances of ethn
where n=0,1.
You also appear to have more than one route to a subnet and claim at
least two interfaces with the same IP address, i.e. is server 2 really
the same as server 3?

Your IP addresses should be passed into your Debian box - you should
then provide routes to the external facing IP addresses - is server 3
on a NIC from the Debian box?
If so where is eth3 on the Debian box and what address does that have?
Likewise server 4 -- how do you route to that?

<snip>

Regards

L.
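
An added example, not part of the original thread: a script that emits an iptables-restore ruleset for the layout Jack describes, routing the public /29 on eth1 without NAT and masquerading only 10.0.1.0/24 on eth2. The 203.0.113.152/29 prefix and the service list are placeholders (the thread masks the real addresses), and it assumes the ISP routes the /29 to the address ppp0 receives.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for a
# routed public /29 on eth1 plus a NATed private LAN on eth2, both behind ppp0.
# Forwarding must also be enabled on the router (net.ipv4.ip_forward=1).
WAN_IF=ppp0                # PPPoE uplink, as in the thread
PUB_IF=eth1                # routed public LAN (router holds .153)
PRIV_IF=eth2               # private LAN with the AP
PRIV_NET=10.0.1.0/24       # from the thread
PUB_NET=203.0.113.152/29   # placeholder: the thread masks the real prefix
# Constructed sample: host:proto:port entries reachable from the Internet.
SERVICES="203.0.113.154:tcp:25 203.0.113.155:tcp:80"

gen_ruleset() {
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Only the private LAN is masqueraded; /29 hosts keep their own source
    # address, so the mail server's rDNS and DNSBL checks see its real IP.
    echo "-A POSTROUTING -s $PRIV_NET -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Outbound: each LAN may only send with its own source prefix (anti-spoofing).
    echo "-A FORWARD -i $PUB_IF -s $PUB_NET -o $WAN_IF -j ACCEPT"
    echo "-A FORWARD -i $PRIV_IF -s $PRIV_NET -o $WAN_IF -j ACCEPT"
    # Inbound: new connections only to the listed service on each public host.
    for svc in $SERVICES; do
        host=${svc%%:*}; rest=${svc#*:}
        proto=${rest%%:*}; port=${rest#*:}
        echo "-A FORWARD -i $WAN_IF -o $PUB_IF -d $host -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

gen_ruleset
```

Piping the output to `iptables-restore --test` parses it without committing. A real load replaces the existing nat and filter tables, so INPUT rules protecting the router itself belong in the same ruleset.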